Merge remote-tracking branch 'tower/release_3.2.2' into devel

2026-05-06 17:07:36 -02:30 · 2017-12-13 12:25:47 -05:00
parent 05bec924e4 fac7fd45f8
commit 9dbcc5934e
144 changed files with 9292 additions and 9012 deletions
--- a/awx/sso/backends.py
+++ b/awx/sso/backends.py
@@ -241,7 +241,8 @@ class TowerSAMLIdentityProvider(BaseSAMLIdentityProvider):
        """
        key = self.conf.get(conf_key, default_attribute)
        value = attributes[key] if key in attributes else None
-        if isinstance(value, list):
+        # In certain implementations (like https://pagure.io/ipsilon) this value is a string, not a list
+        if isinstance(value, (list, tuple)):
            value = value[0]
        if conf_key in ('attr_first_name', 'attr_last_name', 'attr_username', 'attr_email') and value is None:
            logger.warn("Could not map user detail '%s' from SAML attribute '%s'; "
@@ -309,7 +310,7 @@ def _update_m2m_from_groups(user, ldap_user, rel, opts, remove=True):
                should_add = True
    if should_add:
        rel.add(user)
-    elif remove:
+    elif remove and user in rel.all():
        rel.remove(user)


--- a/awx/sso/tests/unit/test_ldap.py
+++ b/awx/sso/tests/unit/test_ldap.py
@@ -1,6 +1,7 @@
 import ldap

 from awx.sso.backends import LDAPSettings
+from awx.sso.validators import validate_ldap_filter


 def test_ldap_default_settings(mocker):
@@ -15,4 +16,11 @@ def test_ldap_default_network_timeout(mocker):
    from_db = mocker.Mock(**{'order_by.return_value': []})
    with mocker.patch('awx.conf.models.Setting.objects.filter', return_value=from_db):
        settings = LDAPSettings()
-        assert settings.CONNECTION_OPTIONS[ldap.OPT_NETWORK_TIMEOUT] == 30
+        assert settings.CONNECTION_OPTIONS == {
+            ldap.OPT_REFERRALS: 0,
+            ldap.OPT_NETWORK_TIMEOUT: 30
+        }
+
+
+def test_ldap_filter_validator():
+    validate_ldap_filter('(test-uid=%(user)s)', with_user=True)
--- a/awx/sso/validators.py
+++ b/awx/sso/validators.py
@@ -47,7 +47,7 @@ def validate_ldap_filter(value, with_user=False):
        dn_value = value.replace('%(user)s', 'USER')
    else:
        dn_value = value
-    if re.match(r'^\([A-Za-z0-9]+?=[^()]+?\)$', dn_value):
+    if re.match(r'^\([A-Za-z0-9-]+?=[^()]+?\)$', dn_value):
        return
    elif re.match(r'^\([&|!]\(.*?\)\)$', dn_value):
        try: